Hi
Renewal of the Let's Encrypt certificate failed.
yunohost:
repo: local
version: 2.7.13.1
yunohost-admin:
repo: testing
version: 2.7.13
moulinette:
repo: stable
version: 2.7.12
ssowat:
repo: stable
version: 2.7.12
Applying pending configuration for service 'dnsmasq'...
The configuration file '/etc/resolv.dnsmasq.conf' has been backed up to '/home/yunohost.conf/backup/etc/resolv.dnsmasq.conf-XXXXXXXXXXX'
The configuration file '/etc/resolv.dnsmasq.conf' has been updated
Success! The configuration has been updated for service 'dnsmasq'
Executing script '/usr/share/yunohost/hooks/conf_regen/43-dnsmasq'...
+ set -e
+ FORCE=0
+ DRY_RUN=0
+ case "$1" in
+ do_post_regen /etc/resolv.dnsmasq.conf
+ regen_conf_files=/etc/resolv.dnsmasq.conf
+ [[ -z /etc/resolv.dnsmasq.conf ]]
+ sudo service dnsmasq restart
+ exit 0
Prepare key and certificate signing request (CSR) for domain.tld...
Saving to /tmp/acme-challenge-private/domain.tld.csr.
Now using ACME Tiny to sign the certificate...
Parsing account key...
Parsing CSR...
Found domains: domain.tld
Getting directory...
Directory found!
Registering account...
Error: 'newAccount'
Error: Certificate renewing for domain.tld failed !
Error: Traceback (most recent call last):
File "/usr/lib/moulinette/yunohost/certificate.py", line 381, in certificate_renew
_fetch_and_enable_new_certificate(domain, staging)
File "/usr/lib/moulinette/yunohost/certificate.py", line 573, in _fetch_and_enable_new_certificate
'certmanager_cert_signing_failed'))
MoulinetteError: [Errno 22] Signing the new certificate failed
Error: [Errno 22] Signing the new certificate failed
Error: Wrote file to /tmp/acme-challenge-public/QZRZbdSTnTkl0lf6W-ig6OoZhxt6a5hOG-KFaITwDEM, but couldn't download http://domain.tld/.well-known/acme-challenge/QZRZbdSTnTkl0lf6W-ig6OoZhxt6a5hOG-KFaITwDEM
Warning: Debug information:
- domain ip from DNS xxx.xxx.x.xxx
- domain ip from local DNS xxx.xxx.x.xxx
- public ip of the server xxx.xxx.x.xxx
edited: There was some conflict with the .well-known location in the nginx configuration. Rectifying it solved the issue.
Hi Kanhu! I get the same error. The --no-checks option results in two warnings with debug information, which show different values for “domain ip from DNS”.
May I ask, how did you solve the “conflict with the .well-known location in the nginx configuration”?
@jmendoza
Hello
Your domain IP should match your YunoHost server's IP. My domain IP (shown as XX.XX.XX.XX for privacy) was matching the YunoHost server IP. If they do not match, you have to configure your DNS first.
Now, if the IPs match and there is still an error, you should look at the app.conf files under /etc/nginx/conf.d/domain.tld.d/app.conf, look for .well-known locations, and comment them out for the sake of renewing the certificate.
After that, restart nginx: service nginx restart, and then run yunohost domain cert-renew domain.tld
You can then uncomment the .well-known lines from the app.conf and restart nginx again.
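The check described in the post above, as an added example that is not part of the original thread and is not YunoHost code: a shell function that lists active `.well-known` location directives in a domain's nginx config directory so they can be reviewed before renewal. The function name, the output format and the "exact"/"review" labels are assumptions made for this sketch; the directory path pattern is the one given in the post.

```shell
#!/bin/sh
# Added example (hypothetical helper, not part of YunoHost).
# Usage: find_wellknown_conflicts /etc/nginx/conf.d/domain.tld.d
# Prints "file:line:kind:directive" for every active location directive
# that mentions .well-known, skipping the ACME challenge location itself.
#   kind=exact  -> "location = /uri": matches only that single URI, so it
#                  cannot capture /.well-known/acme-challenge/<token>
#   kind=review -> prefix or regex location: check whether it covers the
#                  challenge path and comment it out during renewal if so
# Returns 0 if at least one directive was listed, 1 if none, 2 on bad input.
find_wellknown_conflicts() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=1
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                      # already commented out
            /^[ \t]*location[ \t]/ && /\.well-known/ {
                if ($0 ~ /acme-challenge/) next      # the challenge location
                kind = ($2 == "=") ? "exact" : "review"
                sub(/^[ \t]+/, "")                   # trim indentation
                printf "%s:%d:%s:%s\n", file, NR, kind, $0
                hit = 1
            }
            END { exit hit ? 0 : 1 }
        ' "$f" && found=0
    done
    return $found
}
```

After commenting out a listed directive, `nginx -t` confirms the configuration still parses before nginx is restarted.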
Thanks a lot for the explanation Kanhu, very clear. I have followed your recommendations, but still no luck. Perhaps the root of the problem is that my ISP blocks ports, as I explain here (I don’t want to raise my issue in two different threads, to respect you and the community ;-). I will continue trying, thanks for your response anyway!